Cyber attacks against all kinds of businesses and other organisations are increasing in volume. The same is true for the charity sector. Charities of all sizes are seeing more cyber attacks against them and those charities with high incomes are even more of a target for criminals.
A report conducted this year (2021) by the Department for Digital, Culture, Media, and Sport shows 26% of charities have suffered a cyber attack in the previous 12 months.
The stats in the charity sector backup an overall report of a 125% increase in the volume of cyber attacks year on year.
This data shows that charities need to be proactive in their security measures and staff training to help prevent attacks and limit any damage that can be inflicted if a cyber attack does occur.
For charities with moderate income and less resources to spend this is obviously challenging when they want to direct their funds towards helping worthy causes.
There are many steps charities can take to improve data protection and security process and ensure they can continue to support their beneficiaries in the future. The tips below help provide some insight into how charities can boost their IT systems and security processes.
Protection against phishing attacks
Phishing attacks are the most common type of cyber attack and rely on users inside an organisation clicking a link in an email or on a website that is designed to install malware or capture personal information.
To help mitigate the threat you can employ a number of defenses starting with staff training. Helping staff to spot and deal with a phishing attack so they don’t click on the link is an effective way to reduce the number of attacks you are exposed to.
Another tactic is to limit the most sensitive data in the organisation to only a few members of senior staff as required. Other possibilities is to deploy regular antivirus scans on your IT systems for malware and viruses. A good antivirus will also include a blacklist of IP addresses that are linked to phishing and spam and will filter these before they reach the inbox.
Use two-factor authentication
Two factor authentication is a way of increasing the strength of protection around important information stored in your IT system. This could include details on finances, donors, trustees and much more. This first step is to set strong password protocols so there are no obvious passwords that would be easy for a hacker to guess. Next, require users to verify they are who they say they are when logging on by requiring a second authentication step. This can be something like a one time passcode emailed or sent by text message to the user.
Back up your data in the cloud
If you want to stay calm and bounce back should you suffer a ransomware attack, you need to make regular backups of your data.
Backups not only help you continue business as usual very quickly after a cyberattack, they also help in the event of other disasters or accidental loss of important data,
Cloud storage and backups is the most popular way of running data backups today due to its cost saving and efficiency over more traditional methods.
Check your hardware
Managing mobile devices remotely can be an important factor for organisations in the charity sector. Many staff are working in the field to secure donations or new supporters and this can require access to company data while on the move using mobile phones and tablets.
The best practice is to ensure the connection to the server containing company data is as secure as possible and its also important to enable access to the device should it be lost or stolen.
A solution such as Microsoft Intune can allow IT staff access to lock, wipe or locate a missing device. The software also allows for device configuration remotely so you can update software and settings to enable ongoing security requirements are met even while the device is in the field.
If you need more advice on IT security and cybersecurity training for your staff it could be worth contacting a specialist IT support company.
About Mustard IT, your security partner
Mustard IT is a trusted team, experienced in security and able to explain complex issues to you in a language you’ll understand. Contact us today to find out how we can help you.